Vulnerabilities > CVE-2006-1502 - Integer Overflow vulnerability in MPlayer
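Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
(These are CVSS v2 metrics; the Nessus plugin below records the same rating as the vector AV:N/AC:H/Au:N/C:P/I:P/A:P.)
Summary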
Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
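NASL family Mandriva Local Security Checks
NASL id MANDRAKE_MDKSA-2006-068.NASL
description Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. The updated packages have been patched to prevent this problem.
last seen 2020-06-01
modified 2020-06-02
plugin id 21203
published 2006-04-08
reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/21203
title Mandrake Linux Security Advisory : mplayer (MDKSA-2006:068)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2006:068.
# The text itself is copyright (C) Mandriva S.A.
#

# Purpose: report a Mandrake Linux 2006.0 host whose installed mplayer-related
# RPMs are older than the builds shipped with MDKSA-2006:068 (CVE-2006-1502).
# This is a package-version check only: it reads the RPM list already stored
# in the scan knowledge base and never opens an ASF or AVI file, so an MPlayer
# that was built from source or installed outside RPM is not covered.

include("compat.inc");

# Registration pass: when `description` is set the plugin only declares its
# metadata and exits before any host check runs (see the exit(0) below).
if (description)
{
  script_id(21203);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:48");

  script_cve_id("CVE-2006-1502");
  script_xref(name:"MDKSA", value:"2006:068");

  script_name(english:"Mandrake Linux Security Advisory : mplayer (MDKSA-2006:068)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. The updated packages have been patched to prevent this problem."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # CVSS v2 vector: network-reachable, high complexity, no authentication,
  # partial impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");

  # "local" plugin type: the result depends on data gathered from the host
  # itself (the KB keys required below), not on a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # Packages covered by the advisory, plus the affected OS release.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64postproc0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64postproc0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libdha1.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpostproc0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpostproc0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mencoder");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mplayer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mplayer-gui");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/04/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # The KB keys below are presumably populated by ssh_get_info.nasl during a
  # credentialed scan; without them the plugin has nothing to evaluate.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: each missing input ends the run with an audit message, so a
# host that could not be inspected is reported as "not checked" rather than
# silently treated as unaffected.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only the x86 family is handled; any other architecture is audited out.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


# One rpm_check per fixed package build from the advisory. Each hit increments
# `flag`; rpm_check (from rpm.inc) is presumably true when the installed
# package is older than the reference build -- confirm against rpm.inc.
# The lib64* packages are checked for x86_64 only, the lib* packages for i386
# only, and mencoder/mplayer/mplayer-gui regardless of architecture.
flag = 0;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64postproc0-1.0-1.pre7.12.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64postproc0-devel-1.0-1.pre7.12.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libdha1.0-1.0-1.pre7.12.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libpostproc0-1.0-1.pre7.12.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libpostproc0-devel-1.0-1.pre7.12.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"mencoder-1.0-1.pre7.12.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"mplayer-1.0-1.pre7.12.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"mplayer-gui-1.0-1.pre7.12.3.20060mdk", yank:"mdk")) flag++;


if (flag)
{
  # At least one package matched: raise a warning-level finding, attaching the
  # per-package report from rpm_report_get() when verbosity allows it.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");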
NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_C7526A14C4DC11DA969900123FFE8333.NASL
description Secunia reports : The vulnerabilities are caused due to integer overflow errors in […]
last seen 2020-06-01
modified 2020-06-02
plugin id 21511
published 2006-05-13
reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/21511
title FreeBSD : mplayer -- Multiple integer overflows (c7526a14-c4dc-11da-9699-00123ffe8333)

NASL family Mandriva Local Security Checks
NASL id MANDRAKE_MDKSA-2006-108.NASL
description A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. (CVE-2006-2802) In addition, a possible buffer overflow exists in the AVI demuxer, similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3 release of xine-lib does not have this issue. The updated packages have been patched to correct these issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 21752
published 2006-06-24
reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/21752
title Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:108)

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-200605-01.NASL
description The remote host is affected by the vulnerability described in GLSA-200605-01 (MPlayer: Heap-based buffer overflow) Xfocus Team discovered multiple integer overflows that may lead to a heap-based buffer overflow. Impact : An attacker could entice a user to play a specially crafted multimedia file, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 21316
published 2006-05-03
reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/21316
title GLSA-200605-01 : MPlayer: Heap-based buffer overflow

NASL family Mandriva Local Security Checks
NASL id MANDRAKE_MDKSA-2007-192.NASL
description A heap-based buffer overflow was found in MPlayer
last seen 2020-06-01
modified 2020-06-02
plugin id 26902
published 2007-10-03
reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/26902
title Mandrake Linux Security Advisory : mplayer (MDKSA-2007:192)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html
- http://secunia.com/advisories/19418
- http://secunia.com/advisories/19565
- http://secunia.com/advisories/19919
- http://securityreason.com/securityalert/532
- http://securityreason.com/securityalert/647
- http://securitytracker.com/id?1015842
- http://www.gentoo.org/security/en/glsa/glsa-200605-01.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:068
- http://www.osvdb.org/24246
- http://www.osvdb.org/24247
- http://www.securityfocus.com/archive/1/429251/100/0/threaded
- http://www.securityfocus.com/bid/17295
- http://www.vupen.com/english/advisories/2006/1156
- http://www.xfocus.org/advisories/200603/11.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25513
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25514